Total
7419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0367 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | |||||
| CVE-2007-6418 | 1 Debian | 1 Debian Linux | 2024-02-28 | 2.1 LOW | N/A |
| The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. | |||||
| CVE-2007-6660 | 1 2z Project | 1 2z Project | 2024-02-28 | 5.0 MEDIUM | N/A |
| 2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters, which reveals the path in various error messages. | |||||
| CVE-2007-6417 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
| The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | |||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2024-02-28 | 7.8 HIGH | N/A |
| Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2007-6150 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
| The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. | |||||
| CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2024-02-28 | 7.1 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | |||||
| CVE-2008-0593 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-28 | 4.3 MEDIUM | N/A |
| Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. | |||||
| CVE-2008-0636 | 1 Level Platforms | 1 Managed Workplace Service Center | 2024-02-28 | 5.0 MEDIUM | N/A |
| Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information. | |||||
| CVE-2008-0395 | 1 Kayako | 1 Supportsuite | 2024-02-28 | 5.0 MEDIUM | N/A |
| Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. | |||||
| CVE-2007-6476 | 1 Gf 3xplorer | 1 Gf 3xplorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-0191 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 5.0 MEDIUM | N/A |
| WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. | |||||
| CVE-2007-6206 | 6 Canonical, Debian, Linux and 3 more | 12 Ubuntu Linux, Debian Linux, Linux Kernel and 9 more | 2024-02-28 | 2.1 LOW | N/A |
| The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information. | |||||
| CVE-2007-6514 | 2 Apache, Linux | 2 Http Server, Linux Kernel | 2024-02-28 | 4.3 MEDIUM | N/A |
| Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. | |||||
| CVE-2008-1181 | 1 Juniper | 1 Secure Access 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
| Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. | |||||
| CVE-2008-1111 | 1 Lighttpd | 1 Lighttpd | 2024-02-28 | 5.0 MEDIUM | N/A |
| mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information. | |||||
| CVE-2008-0136 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
| Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. | |||||
| CVE-2008-0736 | 1 Shoppingtree | 1 Candypress Store | 2024-02-28 | 5.0 MEDIUM | N/A |
| admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter. | |||||
| CVE-2007-6221 | 1 Tumusika Evolution | 1 Tumusika Evolution | 2024-02-28 | 7.8 HIGH | N/A |
| TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||